Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0132

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2003-0132
Last Modified 13 May 2009 12:17:01
Published 11 Apr 2003 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0132

Summary

A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.

Vulnerable Systems

Application

  • Apache Http Server 2.0

  • Apache Http Server 2.0.28

  • Apache Http Server 2.0.32

  • Apache Http Server 2.0.35

  • Apache Http Server 2.0.36

  • Apache Http Server 2.0.37

  • Apache Http Server 2.0.38

  • Apache Http Server 2.0.39

  • Apache Http Server 2.0.40

  • Apache Http Server 2.0.41

  • Apache Http Server 2.0.42

  • Apache Http Server 2.0.43

  • Apache Http Server 2.0.44

  • Apache Http Server 2.0.9


References

CERT-VN - VU#206537

BUGTRAQ - 20030402 [ANNOUNCE] Apache 2.0.45 Released

VUPEN - ADV-2009-1233

REDHAT - RHSA-2003:139

MISC - http://www.idefense.com/advisory/04.08.03.txt

MISC - http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=205147

SECUNIA - 8499

SECUNIA - 34920

CONFIRM - http://lists.apple.com/mhonarc/security-announce/msg00028.html

BUGTRAQ - 20030411 PATCH: [CAN-2003-0132] Apache 2.0.44 Denial of Service

BUGTRAQ - 20030410 working apache <= 2.0.44 DoS exploit for linux.

BUGTRAQ - 20030408 Exploit Code Released for Apache 2.x Memory Leak

BUGTRAQ - 20030409 GLSA: apache (200304-01)

BUGTRAQ - 20030408 iDEFENSE Security Advisory 04.08.03: Denial of Service in Apache HTTP Server 2.x


Last Updated: 27 May 2016 10:37:48